Question 01

Witch access list entry checks for an ACK within a packet header?
A access-list 49 permit ip any any eq 21 tcp-ack
B access-list 49 permit tcp any any eq 21 tcp-ack
C access-list 149 permit tcp any any eq 21 established
D access-list 49 permit tcp any any eq 21 established
Answer: C
===============================================================
==================
Question 02:
Which option is one way to mitigate symmetric routing on an active/active firewall setup for TCP-
based connections?
A performing packet captures
B disabling asr-group commands on interfaces that are likely to receive asymetric traffic
C replacing them with redundant routers and allowing load balancing
D disabling stateful TCP checks
Answer: D
===============================================================
==================
Question 03:
A network engineer executes the show ip cache flow command. Witch two types of information are
displayed in the report that is generated? Choose two:
A top talkers
B flow export statistics
C flow sample for specific protocols
D MLS flow traffic
E IP packet distribution
Answer: C & E
===============================================================
==================
Question 04:
Which DHCP option provides a TFTP server that Cisco phones can use to download a configuration?
A DHCP Option 66
B DHCP Option 68
C DHCP Option 82
D DHCP Option 57
As: A
===============================================================
==================
Question 05:
Drag and Drop
Authentication (two sentences) >>>
supports a local database for device access
supports encryption
Accounting (two sentences) >>>
-not supported with local AAA
-verifies network usage
Authorization (two sentences) >>>
specifies a users specific access privileges
enforces time periods during which a user can access the device
===============================================================
==================
Question 06:
-drag and drop
CHAP (two sentences) >>>
Generates a unique string for each transaction
supports mid-session re-authentication
PAP (two sentences) >>>
 provides minimal security
requires a username and password only
===============================================================
==================
Question 07:
there is a choice on flow..a customer what ..i dontremind well
A.PMTUD
B.MTU
C IP MTU
===============================================================
==================
Question 08
Radius >>>
uses udp port 1812 (for authentication / authorization). It encrypts only the password in the access-
request packet, from the client to the server. The remainder of

the packet is unencrypted.

It combines authorization and accounting functions.
Tacacs+ >>>
users tcp port 49 and encrypts the entire packet.
It separates authorization and accounting functions.
===============================================================
==================
Question 09:
you have to link this 4 sentences:
Ans:
network-specific stateful NAT64 prefix: IPV6 prefix assigned by an orginzation
NAT64 : supports application layer gateway
NPTv6 : translates 2001:1::/64 to 2001:2::/64
well-known stateful NAT64 prefix: supports IPV6 prefix 64:ff9b::/96
===============================================================
==================
Question 10:
Command in uRPF loose mode
a. ip verify unicast source reachable-via any
Ans: A
===============================================================
==================
Question:11
Two GRE scenarios for preventing
A) TCP MSS
B) DF Bit
Ans: A & B
===============================================================
==================
Question 12:
Which feature enables security in vty lines.
a. exec-time out
b. logging
c. username and password
d. transport out
Answer C
===============================================================
==================
Question 13:
Which feature enables security in vty lines.
a. exec-time out
b. logging
c. username and password
d. transport out
Answer: C
===============================================================
==================
Question 14:
Given ((diagram with R1 SLA config)) with configuration written on Picture as
R(Config)#ip sla 1
R1(Config-ip-sla)#icmp-echo 172.20.20.2 source-interface f1/0
R1(Config-ip-sla)#frequency 10
R1(Config-ip-sla)#threshold 100
R1(Config)#ip sla schedule 1 start-time now life forever
R1(Config)#track 10 ip sla ???-
R1(Config)#ip route 0.0.0.0.0 0.0.0.0 172.20.20.2
what make default route not removed when SLA state down or failed
a. the destination must be 172.30.30.2 for icmp-echo
b.the threshold value is wrong
c.
d. missing of track feature on default static route command
Answer : D
===============================================================
==================
Question 15:
Which access list used to filter upper layer protocol?
a. extended acl
Answer: A
===============================================================
==================
Question 16:
ALWAYS block the outbound web traffic on Saturdays and Sunday between 1:00 to 23:59
a. periodic Saturday Sunday 01:00 to 23:59 and IN
b. periodic Saturday Sunday 01:00 to 23:59 and OUT
c. periodic Saturday Sunday 01:00 to 11:59 and IN
d. Absolute Saturday Sunday 01:00 to 11:59 and IN
Answer: B
===============================================================
==================
Question 17:
What command is needed to get the ip address assigned from the PPPOE server?
a. Interface dialer
b. pppoe enable
c. ip address negotiated
d. ip address auto negotiated
Answer: C
===============================================================
==================
Question 18:
Refer to the following configuration command.
router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80 Which statement
about the command is true?
A. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:80
is translated to 172.16.10.8:8080.
B. Any packet that is received in the inside interface with a source IP port address of
172.16.10.8:8080 is translated to 172.16.10.8:80.
C. The router accepts only a TCP connection from port 8080 and port 80 on IP address 172.16.10.8.
D. Any packet that is received in the inside interface with a source IP address of 172.16.10.8 is
redirected to port 8080 or port 80.
( Answer : B )
===============================================================
==================
Questions 19 :
Two GRE sccenarios for preventing(Choose two)
A. TCP MSS
B. DF Bit
Answer: A,B
===============================================================
==================
Questions 20 :
A network engineer enables OSPF on a Frame Relay WAN connection to various remote stes, but no
OSPF adjacencies come up Which two actions are possible solutions for

this issue? (Choose Two)

A Change the network type to point-to-murpont under WAN interface
B. Enable virtual Inks
C Change the network type to nonbroadcast mutpoint access
D Configure the neighbor command under OSPF process for each remote ste
E Ensure that the OSPF process number matches among all remote stes
Answer: A, D
===============================================================
==================
Question 21 :
Whats uRPF checking first when the packet enters the interface? or when unicast reverse patch
forwarding is configured on interinterface.
A- it check the ingress access list
B- it check the egress access list
C- Route available in FIB ot it verifies a reverse patch via the fib to the source
D- it verify that the source has a
Answer : A